You are affected if your php.ini configuration has register_argc_argv enabled.
Update to 3.9.14, 4.13.2, or 5.5.2.
If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.
| Score | Percentile |
|---|---|
| 93.93% | 99.88% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 9.8 | 3.1 | — |
|
| 9.3 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-2p6p-9rc9-62j9 ↗ |
| CVE | CVE-2024-56145 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| composer | craftcms/cms | >= 5.0.0-RC1, < 5.5.2 | 5.5.2 | — |
| composer | craftcms/cms | >= 4.0.0-RC1, < 4.13.2 | 4.13.2 | — |
| composer | craftcms/cms | >= 3.0.0, < 3.9.14 | 3.9.14 | — |